Adds new setting to control whether HTTPs is "strict" or not

- "non strict" allows use of self-signed server certificates for example
2025-06-12 02:05:29 +00:00 · 2022-04-02 20:01:07 +11:00
parent eeb707a955
commit 38652cdba3
4 changed files with 43 additions and 13 deletions
--- a/lib/api.dart
+++ b/lib/api.dart
@ -6,6 +6,7 @@ import "package:flutter/foundation.dart";
 import "package:http/http.dart" as http;
 import "package:intl/intl.dart";
 import "package:inventree/app_colors.dart";
+import "package:inventree/app_settings.dart";

 import "package:open_file/open_file.dart";
 import "package:cached_network_image/cached_network_image.dart";
@ -82,7 +83,7 @@ class APIResponse {
 /*
 * Custom FileService for caching network images
 * Requires a custom badCertificateCallback,
- * so we can accept "dodgy" certificates
+ * so we can accept "dodgy" (e.g. self-signed) certificates
 */
 class InvenTreeFileService extends FileService {

@ -142,6 +143,8 @@ class InvenTreeAPI {
  // Minimum required API version for server
  static const _minApiVersion = 7;

+  bool _strictHttps = false;
+
  // Endpoint for requesting an API token
  static const _URL_GET_TOKEN = "user/token/";

@ -308,6 +311,9 @@ class InvenTreeAPI {
    username = username.trim();
    password = password.trim();

+    // Cache the "strictHttps" setting, so we can use it later without async requirement
+    _strictHttps = await InvenTreeSettingsManager().getValue(INV_STRICT_HTTPS, false) as bool;
+
    if (address.isEmpty || username.isEmpty || password.isEmpty) {
      showSnackIcon(
        L10().incompleteDetails,
@ -620,7 +626,9 @@ class InvenTreeAPI {

    HttpClientRequest? _request;

-    var client = createClient(allowBadCert: true);
+    final bool strictHttps = await InvenTreeSettingsManager().getValue(INV_STRICT_HTTPS, false) as bool;
+
+    var client = createClient(strictHttps: strictHttps);

    // Attempt to open a connection to the server
    try {
@ -811,22 +819,22 @@ class InvenTreeAPI {
    );
  }

-  HttpClient createClient({bool allowBadCert = true}) {
+  HttpClient createClient({bool strictHttps = false}) {

    var client = HttpClient();

    client.badCertificateCallback = (X509Certificate cert, String host, int port) {
-      // TODO - Introspection of actual certificate?

-      if (allowBadCert) {
-        return true;
-      } else {
+      if (strictHttps) {
        showServerError(
          L10().serverCertificateError,
          L10().serverCertificateInvalid,
        );
        return false;
      }
+
+      // Strict HTTPs not enforced, so we'll ignore the bad cert
+      return true;
    };

    // Set the connection timeout
@ -874,7 +882,9 @@ class InvenTreeAPI {

    HttpClientRequest? _request;

-    var client = createClient(allowBadCert: true);
+    final bool strictHttps = await InvenTreeSettingsManager().getValue(INV_STRICT_HTTPS, false) as bool;
+
+    var client = createClient(strictHttps: strictHttps);

    // Attempt to open a connection to the server
    try {
@ -1113,7 +1123,9 @@ class InvenTreeAPI {
    CacheManager manager = CacheManager(
      Config(
        key,
-        fileService: InvenTreeFileService(),
+        fileService: InvenTreeFileService(
+          strictHttps: _strictHttps,
+        ),
      )
    );